openapi: 3.0.3 info: title: SOAT Policies API version: 1.0.0 description: API for managing global policies (admin-only) contact: name: SOAT Team url: https://github.com/ttoss/soat servers: - url: '{baseUrl}' description: Base URL of your SOAT deployment (e.g. https://your-soat.com or http://localhost:5047) variables: baseUrl: description: The base URL of your SOAT deployment default: http://localhost:5047 tags: - name: Policies description: Manage policies security: - bearerAuth: [] paths: /api/v1/policies: get: tags: - Policies summary: List all policies description: Returns a list of all global policies. Requires admin role. operationId: listPolicies responses: '200': description: List of policies content: application/json: schema: type: array items: $ref: '#/components/schemas/PolicyRecord' '401': description: Unauthorized '403': description: Forbidden (non-admin user) post: tags: - Policies summary: Create a policy description: Creates a new global policy. Requires admin role. operationId: createPolicy requestBody: required: true content: application/json: schema: type: object required: - document properties: name: type: string example: ReadOnlyAccess description: type: string example: Allows read-only access to all resources document: $ref: '#/components/schemas/PolicyDocument' responses: '201': description: Policy created successfully content: application/json: schema: $ref: '#/components/schemas/PolicyRecord' '400': description: Bad request (invalid policy document) content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '401': description: Unauthorized '403': description: Forbidden (non-admin user) /api/v1/policies/{policy_id}: get: tags: - Policies summary: Get a policy description: Returns details of a specific policy. Requires admin role. operationId: getPolicy parameters: - name: policy_id in: path required: true description: Policy public ID (pol_ prefix) schema: type: string example: pol_V1StGXR8Z5jdHi6B responses: '200': description: Policy details content: application/json: schema: $ref: '#/components/schemas/PolicyRecord' '401': description: Unauthorized '403': description: Forbidden (non-admin user) '404': description: Policy not found put: tags: - Policies summary: Update a policy description: Updates an existing global policy. Requires admin role. operationId: updatePolicy parameters: - name: policy_id in: path required: true description: Policy public ID (pol_ prefix) schema: type: string example: pol_V1StGXR8Z5jdHi6B requestBody: required: true content: application/json: schema: type: object required: - document properties: name: type: string description: type: string document: $ref: '#/components/schemas/PolicyDocument' responses: '200': description: Policy updated successfully content: application/json: schema: $ref: '#/components/schemas/PolicyRecord' '400': description: Bad request (invalid policy document) content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '401': description: Unauthorized '403': description: Forbidden (non-admin user) '404': description: Policy not found delete: tags: - Policies summary: Delete a policy description: Deletes a global policy. Requires admin role. operationId: deletePolicy parameters: - name: policy_id in: path required: true description: Policy public ID (pol_ prefix) schema: type: string example: pol_V1StGXR8Z5jdHi6B responses: '204': description: Policy deleted successfully '401': description: Unauthorized '403': description: Forbidden (non-admin user) '404': description: Policy not found components: securitySchemes: bearerAuth: type: http scheme: bearer description: JWT token or sk_ api key schemas: PolicyStatement: type: object required: - effect - action properties: effect: type: string enum: [Allow, Deny] example: Allow action: type: array items: type: string example: ['files:ListFiles', 'files:CreateFile'] resource: type: array items: type: string example: ['soat:proj_abc:files:*'] PolicyDocument: type: object required: - statement properties: statement: type: array items: $ref: '#/components/schemas/PolicyStatement' PolicyRecord: type: object properties: id: type: string description: Public policy ID (pol_ prefix) example: pol_V1StGXR8Z5jdHi6B name: type: string example: ReadOnlyAccess description: type: string document: $ref: '#/components/schemas/PolicyDocument' created_at: type: string format: date-time example: '2024-01-01T00:00:00.000Z' updated_at: type: string format: date-time example: '2024-01-01T00:00:00.000Z' ErrorResponse: type: object properties: error: type: string example: An error occurred